From: Thomas Graf Date: Tue, 6 Jan 2015 00:04:21 +0000 (+0100) Subject: netlink: Warn on unordered or illegal nla_nest_cancel() or nlmsg_cancel() X-Git-Tag: firefly_0821_release~176^2~2371^2~285 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=149118d89355fb0e1a898f47977f8ae9be8e14e7;p=firefly-linux-kernel-4.4.55.git netlink: Warn on unordered or illegal nla_nest_cancel() or nlmsg_cancel() Calling nla_nest_cancel() in a different order as the nesting was built up can lead to negative offsets being calculated which results in skb_trim() being called with an underflowed unsigned int. Warn if mark < skb->data as it's definitely a bug. Signed-off-by: Thomas Graf Signed-off-by: David S. Miller --- diff --git a/include/net/netlink.h b/include/net/netlink.h index 64158353ecb2..d5869b90bfbb 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h @@ -520,8 +520,10 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) */ static inline void nlmsg_trim(struct sk_buff *skb, const void *mark) { - if (mark) + if (mark) { + WARN_ON((unsigned char *) mark < skb->data); skb_trim(skb, (unsigned char *) mark - skb->data); + } } /**